1. Field of the Invention
This invention relates to data analysis and more specifically to the analysis of data for possible or probable fraud or error and for correspondingly minimizing the liability and exposure of individuals and/or entities as a consequence of compromised credit card information. A single data field taken from a suspected fraudulent transaction or entry is used to track all related transactions or entries and in the case of credit card transactions used to minimize liability to the credit card company and the proper credit card holder. The invention can detect additional fraudulent or “hidden” entities which may have used a common (and probably compromised) data key value and/or element to the originally suspected fraudulent or error-containing transaction or entry. This helps to search for transactions, identities and information that otherwise wish to remain hidden. The present method can help with maintaining financial records, eliminating or reducing money laundering, tracking fraud and/or terrorism and preventing the use of compromised information in the same or other databases by those who otherwise wish to conceal their improper transactions, entries and/or identities.
2. Description of Related Art
Nearly every business and individual in the United States and around the globe depends on the accurate and secure maintenance of data such as financial and identity-related data. Data is compiled in many different formats, but one format of particular interest in remaining uncompromised and unused by unauthorized individuals is transactional data, e.g., the use of a person's credit card to purchase goods or services. It is crucial to ensure that credit card information does not become stolen, compromised or erroneously recorded. In these situations, the consumer and the credit card company suffer the loss while the thief or thieves of the information improperly use it to effectively pillage and loot (and to hide from authorities). In the case of the erroneous, in contrast to fraudulent, recordation of credit card information, while inadvertently assigning a transaction (and debiting an account) to the wrong person may be a malice-free mistake, it still causes great consternation for all parties concerned. Errors in credit card transactions have economic costs, too, and, therefore, the elimination or reduction of errors as well as fraud is desirably sought.
The review of transactional data such as on-line credit card based-purchases for error or fraud has become an important tool in rooting out terrorist operations. The Defense Advanced Research Projects Agency has recently begun a program alternatively called Total Information Awareness and the less draconian-sounding Terrorism Information Awareness (TIA) program or plan, the purpose of which is to detect and defeat a terrorist attack before it occurs by using and analyzing available databases, financial and other forms of information. One of the proposed goals of TIA is to “connect the dots” of terrorism-related activity so that the ultimate result of the activity (i.e., an attack) is not realized. The project, currently in its nascent stages, depends or will depend at least in part on analyzing data, especially transactional and credit card transactional data, to discover patterns of activity that will lead the authorities to the whereabouts and identities (and possibly their plans and objects) of terrorists and their organizations. Of course, the present invention is also applicable to matters of lesser importance than national security, e.g., determining if a stolen credit card has been used or its number compromised and unauthorizedly used one or more times by another or many others. These thieves often try to establish new transactions with the same credit card number, and/or identity. Identity theft is today a serious problem. The present invention seeks to minimize the use of key information obtained by one who improperly gains access to a credit card transaction and uses the information, not just the credit card number, to his unlawful advantage.
Transactional data can be analyzed, one transaction at a time for indications of possible fraud or error. As used herein, fraud occurs when incorrect information is deliberately included in a credit card-type or identify verifying-like transaction, typically to deceive the recipient of the data into releasing goods, services or information. The most common example is when a stolen card or number is used to buy goods over the internet (or telephone) with the goods being sent to a different address than that normally associated with the credit card holder. Error occurs when incorrect information is inadvertently included in the transactional record. For example, a single credit card transaction over the phone or internet can include a name, a billing address (including street, city, state, zip code, country, etc.), an e-mail address, a credit card number, a shipping address; and an expiration date for the credit card. The actual residence or business location for billing purposes corresponding to the zip code of the shipping address can be compared. The business address (number and street, along with town or city) can also be compared to the actual city and state corresponding to the given zip code. If there is a discrepancy, an error or fraud can be suspected. If the given zip code in the transaction corresponds to the actual zip code of the information on a database, then there is a greater possibility that the transaction is legitimate. If the transaction is being done online, the host name or number of the Internet Protocol (“IP”) source address can be used with a reverse IP lookup utility database to determine if the recorded host name in the database is associated with the now given source address. This, too, can be useful in detecting error or possible fraud. Information corresponding to the automatically transmitted host name can also be compared with information manually entered in the online transaction. For example, if the host is located in Croatia and the address submitted in the transaction is Japan, then the transaction seems suspect.
Examining the information in a single transaction, as just discussed, can be useful in determining the risk of fraud or error within that transaction. However, certain transactions that contain fraudulent or erroneous information are, nevertheless, internally consistent. For example, even though a city and state address is deliberately incorrect and thus fraudulent (i.e., as entered by the thief/terrorist), the provided zip code corresponds to that city and state. Hence, there is no discrepancy between the zip code and the city and state, so the purely internal detection method discussed above would not indicate fraud or error. Likewise, the reverse IP lookup of an online transaction can reveal a host located in the same location/country as is indicated in the city and country manually submitted in the transaction, again, even though such information is fraudulent. A method is believed needed to detect possible fraud or error in transaction information, even when it is internally consistent, one record considered at a time. By linking known fraud (as when a credit card has been reported as stolen) with possible or potential fraud, eliminating or reducing fraud can be accomplished.
This, according to the present invention, is basically accomplished by connecting all of “the dots” by using information in the database in a thorough and scientific way (vs. random).